HonoShield
Overview
HonoShield is a web application built using Hono, a minimal and fast web framework for Cloudflare Workers. The application features secure user authentication through a D1 database and session management with KV storage. The project includes a modular route structure and protection middleware to safeguard sensitive routes. It also supports CSRF-protected user registration, login, logout, and profile management.
Features
- User Authentication:
  - Authentication is handled through a D1 database with a users table.
  - Passwords are securely stored using bcryptjs.
- Brute Force Protection:
  - Restricts the number of login attempts a user can make within a specific time frame to slow down attackers.
- Session Management:
  - Secure session IDs generated using Nano ID and stored in Cloudflare Workers KV.
- Protected Routes:
  - Middleware ensures authentication for accessing sensitive routes.
- User Registration:
  - New user registration functionality with unique usernames.
- Email Verification:
  - New account registrations trigger an email verification using the Mailgun API.
- Logout Functionality:
  - Clears sessions and removes cookies upon logout.
- Custom 404 Page:
  - Custom 404 error handling for unmatched routes.
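The brute-force protection listed under Features, sketched as an added example (not HonoShield's own code): a fixed-window failed-login counter written against the Workers KV `get`/`put`/`delete` interface. Keeping the counter in KV, the 5-failures-per-15-minutes policy, and the names `MemoryKV`, `attemptKey`, `isLocked`, `recordFailure` and `clearFailures` are assumptions.

```javascript
// Assumed policy (not from the README): 5 failures per 15-minute window.
const MAX_FAILURES = 5;
const WINDOW_SECONDS = 15 * 60;

// Constructed stand-in for a Workers KV binding so the example runs offline.
// Models only get/put/delete and expirationTtl.
class MemoryKV {
  constructor(clock = Date.now) { this.clock = clock; this.map = new Map(); }
  async get(key) {
    const entry = this.map.get(key);
    if (!entry || entry.expiresAt <= this.clock()) return null;
    return entry.value;
  }
  async put(key, value, { expirationTtl }) {
    this.map.set(key, { value, expiresAt: this.clock() + expirationTtl * 1000 });
  }
  async delete(key) { this.map.delete(key); }
}

// Normalise so "Alice" and " alice " share one counter.
function attemptKey(username) {
  return `login-fail:${username.trim().toLowerCase()}`;
}

// Call before the password check; a locked account skips the bcrypt compare.
async function isLocked(kv, username) {
  const raw = await kv.get(attemptKey(username));
  return raw !== null && JSON.parse(raw).count >= MAX_FAILURES;
}

// Call after a failed password check. Fixed window: the TTL is the time left
// since the first failure, so later failures do not restart the window
// (apart from KV's 60-second minimum TTL near the end of it).
async function recordFailure(kv, username, now = Date.now()) {
  const key = attemptKey(username);
  const raw = await kv.get(key);
  const state = raw ? JSON.parse(raw) : { count: 0, first: now };
  state.count += 1;
  const remaining = WINDOW_SECONDS - Math.floor((now - state.first) / 1000);
  // Workers KV rejects expirationTtl values below 60 seconds.
  await kv.put(key, JSON.stringify(state), { expirationTtl: Math.max(60, remaining) });
  return state.count;
}

// Call after a successful login.
async function clearFailures(kv, username) {
  await kv.delete(attemptKey(username));
}
```

KV reads are eventually consistent and the get-then-put above is not atomic, so parallel attempts can undercount; treat the limit as approximate. Keying on the username alone also means repeated failures lock the real owner out for the window, which is the usual trade-off against keying on username plus client IP.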
Technologies Used
- Hono Framework: A lightweight, serverless framework for building web applications and APIs, providing robust routing and middleware capabilities.
- Cloudflare Workers KV: A global, low-latency key-value store for efficient session storage.
- D1 Database: A scalable and secure database solution for user authentication and data storage, built on Cloudflare's global network.
- bcryptjs: A robust library for securely hashing passwords and generating CSRF tokens. It employs the bcrypt algorithm, known for its resistance to brute-force attacks and rainbow table attacks.
- Nano ID: A compact, secure, URL-friendly unique string ID generator used for session IDs and tokens.
- Mailgun API: A powerful email delivery service used to send verification emails to new users during registration.